Date:	Thu, 29 Jan 2009 15:35:01 -0600
From:	David Smith <dsmith@...hat.com>
To:	linux-kernel@...r.kernel.org
CC:	Roland McGrath <roland@...hat.com>,
	"Frank Ch. Eigler" <fche@...hat.com>,
	David Howells <dhowells@...hat.com>,
	Oleg Nesterov <oleg@...hat.com>
Subject: [2.6.29-rc2 regression] CRED changes causing setuid failures

I'm seeing setuid problems with 2.6.29-rc2.  I've narrowed the problem
down to the 2 attached test files.  test1, a setuid root program, drops
root euid (by calling setresuid()), then execs test2 (a non-setuid
program).  Test2 then execs test1, but test1's euid isn't set back to 0
as it should be.

After doing a git bisect, here's the change that causes the problem:

commit d84f4f992cbd76e8f39c488cf0c5d123843923b1
Author: David Howells <dhowells@...hat.com>
Date:   Fri Nov 14 10:39:23 2008 +1100

    CRED: Inaugurate COW credentials

I believe this regression is tied to the fact that test2 creates a 2nd
thread (that does nothing).  Without the 2nd thread, the test runs
correctly.

-- 
David Smith
dsmith@...hat.com
Red Hat
http://www.redhat.com
256.217.0141 (direct)
256.837.0057 (fax)

View attachment "test1.c" of type "text/x-csrc" (1450 bytes)

View attachment "test2.c" of type "text/x-csrc" (1545 bytes)

View attachment "Makefile" of type "text/plain" (250 bytes)
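
The exec chain described in the message above, as an added example: a reconstruction from the description, not the attached test1.c or test2.c. It assumes this one source is built twice in the current directory, as ./test1 (owned by root, setuid) and ./test2 (plain, linked with pthreads), and is started as ./test1 by a non-root user; the `second` argument and the helper names are this example's own.

```c
#define _GNU_SOURCE
#include <pthread.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* GNU extension; redeclared so the file builds even if _GNU_SOURCE takes effect late. */
int setresuid(uid_t ruid, uid_t euid, uid_t suid);

/* test1, first pass: drop the effective uid to the real uid, leaving the
 * real and saved uids alone. Returns 0 on success. */
int drop_euid(void)
{
    uid_t ruid = getuid();
    if (setresuid((uid_t)-1, ruid, (uid_t)-1) != 0)
        return -1;
    return geteuid() == ruid ? 0 : -1;
}

static void *idle(void *arg) { pause(); return arg; }

/* test2: create a second thread that does nothing. Returns 0 on success. */
int spawn_idle_thread(void)
{
    pthread_t t;
    return pthread_create(&t, NULL, idle, NULL);
}

int main(int argc, char **argv)
{
    const char *slash = strrchr(argv[0], '/');
    const char *me = slash ? slash + 1 : argv[0];
    if (strcmp(me, "test2") == 0) {            /* non-setuid middle step */
        if (spawn_idle_thread() != 0) return 2;
        execl("./test1", "test1", "second", (char *)NULL);
        perror("exec ./test1");
        return 2;
    }
    if (argc > 1) {                            /* test1, second pass */
        printf("euid after re-exec: %d\n", (int)geteuid());
        return geteuid() == 0 ? 0 : 1;         /* 1 = the reported failure */
    }
    if (geteuid() != 0) { fputs("test1 must be setuid root\n", stderr); return 2; }
    if (drop_euid() != 0) { perror("setresuid"); return 2; }
    execl("./test2", "test2", (char *)NULL);   /* test1, first pass */
    perror("exec ./test2");
    return 2;
}
```

Exit status 0 means the second run of test1 came up with euid 0, 1 means it did not, and 2 means the setup was wrong.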
